Threat Level: green Handler on Duty: Russ McRee

SANS ISC: HTTP Header Usage Statistics - SANS Internet Storm Center HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Content-Type
Date
Server
Connection
Set-Cookie
Cache-Control
X-Powered-By
Vary
Expires
Content-Length
Last-Modified
Pragma
Accept-Ranges
ETag
Link
X-Pingback
X-Content-Type-Options
P3P
X-XSS-Protection
X-AspNet-Version
X-Frame-Options
X-Cache
Content-Language
Age
CF-RAY
X-UA-Compatible
X-Adblock-Key
Via
Keep-Alive
Strict-Transport-Security
X-Template
X-Language
X-Check
X-Varnish
Access-Control-Allow-Origin
X-Buckets
X-Cacheable
X-Generator
Content-Location
P3p
X-Drupal-Cache
X-Hacker
X-Ac
X-AspNetMvc-Version
X-Iinfo
X-Powered-By-Plesk
MS-Author-Via
X-Request-ID
X-Type
X-Cache-Group
X-Pass-Why
X-Runtime
WP-Super-Cache
Status
Ngpass-Ngall
X-Powered-CMS
Host-Header
Access-Control-Allow-Credentials
X-UA-Device
X-Cache-Hits
Content-Security-Policy-Report-Only
X-Mod-Pagespeed
X-ShopId
X-ShardId
X-Dc
X-Alternate-Cache-Key
X-Request-Id
X-Pad
X-Tumblr-Pixel-0
X-Tumblr-User
X-Tumblr-Pixel
X-Backend
X-Logged-In
X-Via
Access-Control-Allow-Headers
X-Tumblr-Pixel-1
Access-Control-Allow-Methods
X-Tumblr-Pixel-2
X-Host
X-Server
X-ServedBy
X-ContextId
X-Served-From-Cache
X-Served-By
X-Cache-Hit
X-CDN
X-PC-Hit
X-PC-Key
Content-Security-Policy
X-Port
X-Robots-Tag
Powered-By
X-Cache-Lookup
X-Xss-Protection
X-Tumblr-Pixel-3
X-PC-AppVer
X-PC-Host
X-PC-Date
MicrosoftOfficeWebServer
X-Rack-Cache
X-FRAME-OPTIONS
MicrosoftSharePointTeamServices
SPRequestGuid
X-SharePointHealthScore
X-Accel-Version
X-Varnish-Cache
X-Request-Country
X-Cache-Status
Upgrade
X-Safe-Firewall
X-MS-InvokeApp
X-Page-Speed
X-Amz-Cf-Id
X-Wix-Renderer-Server
X-Seen-By
Content-Encoding
X-Wix-Request-Id
X-XRDS-Location
X-Cnection
X-AH-Environment
X-W-DC
X-Turbo-Charged-By
Rating
CF-Cache-Status
X-Webserver
X-Tumblr-Content-Rating
X-INKT-URI
X-INKT-SITE
X-PhApp
X-FullPageCaching
Composed-By
X-Tumblr-Pixel-4
X-Content-Digest
Request-Id
X-GitHub-Request-Id
X-Firenze-Processing-Times
X-Content-Powered-By
SPIisLatency
SPRequestDuration
X-Cache-Enabled
Alternate-Protocol
Served-By
Public-Key-Pins
X-Proxy
Liferay-Portal
X-Amz-Id-2
X-Amz-Request-Id
X-Timer
X-Spip-Cache
Alt-Svc
X-Proxy-Cache
Cf-Railgun
X-Node
X-Styx-Req-Id
X-Styx-Version
X-Pantheon-Styx-Hostname
X-Pantheon-Endpoint
X-Hyper-Cache
Timing-Allow-Origin
X-XN-Trace-Token
X-XN-XNHTML
X-Server-Name
X-Server-Powered-By
Permitted-Cross-Domain-Policies
X-HeyJason
X-CF-Powered-By
Access-Control-Expose-Headers
Content-Script-Type
Charset
Content-Style-Type
X-Tumblr-Pixel-5
Access-Control-Max-Age
X-Swift-CacheTime
X-Swift-SaveTime
X-Content-Security-Policy
EagleId
Access-Control-Allow-Method
X-Permitted-Cross-Domain-Policies
X-FB-Debug
X-Hits
X-CDN-Geo
X-CDN-Geo-IP
Public-Key-Pins-Report-Only
X-FW-Hash
X-CDN-Any-IP
X-Powered-By-360WZB
X-VCache
X-Clacks-Overhead
X-Fastly-Request-ID
X-Umbraco-Version
X-Cached-By
X-FW-Serve
X-FW-Static
Content-MD5
X-SERVER
X-FW-Type
Real-Hostname
X-Loop
Cartoon
Refresh
X-Device
X-Cache-Server
Grace
X-DDC-Arch-Trace
X-Jimdo-Wid
X-Jimdo-Instance
X-TNCMS
X-Generated-By
X-DynaTrace-JS-Agent
X-Outils-CS
X-Backend-Server
X-User-Agent
X-Url
X-Cache-Result
X-Gateway
X-LJ-Flow-ID
X-AWS-Id
X-Beta
X-VWS-Id
X-Px
X-Age
X-Cache-Config
NS-RTIMER-COMPOSITE
X-Cloud-Trace-Context
PageSpeed
X-DynaTrace
X-Cached
X-MiniProfiler-Ids
X-Tumblr-Pixel-6
TCN
X-CMS-Version
X-Whom
X-Xrds-Location
X-Hostname
Response
Fpc-Cache-Id
X-LiteSpeed-Cache
Fastly-Debug-Digest
X-Drupal-Dynamic-Cache
X-Middleton-Display
Display
X-Sol
X-Middleton-Response
X-ServerName
Surrogate-Control
Magicmarker
X-Forwarded-For
X-Download-Options
X-Msg-2-Log
X-Backend-Time
X-From
Imagetoolbar
X-WebKit-CSP
DynaTrace
ServerName
Rt-Fastcgi-Cache
X-AspNetWebPages-Version
Product
ServedBy
X-Micro-Cache
X-Expires-Orig
X-Content-Options
IBM-Web2-Location
X-Handled-By
X-Varnish-Host
Powered-By-ChinaCache
X-TTL
X-Matrix-Server
X-Country-Code
X-Matrix-Proxy
X-Cache-Info
X-Content-Encoded-By
X-URL
X-App-Hosting
Generator
Page-Completion-Status
X-Hosted-By
X-NetCat-Version
X-ApacheServer
X-Firenze-Processing-Time
X-Varnish-Cache-Hits
Proxy-Connection
X-Art-Request-Id
Edge-Control
X-Cache-TTL
X-I
X-Actual-URL
X-Returned-From-BeforeDispatch
X-Returned-From
X-Passed-To
X-Passed-To-PostProcessResponse
X-Passed-To-DLL
X-Passed-To-BeforeDispatch
X-Original-Request
X-Returned-From-DLL
Access-Control-Request-Method
Content-Hash
X-Returned-From-PostProcessResponse
MIME-Version
Ag-Send-Time
Ag-Execution-Time
Ag-Server-Time
X-Varnish-Beresp-Ttl
X-Varnish-Beresp-Grace
X-Do-Not-Hack
X-Varnish-Beresp-Status
X-Stale
X-ATG-Version
Surrogate-Keys
X-Version
Fhost
X-Track
X-FORWARDED-FOR
X-Varnish-Backend
Content-Encoding-Handler
Content-Disposition
X-Recruiting
X-Server-ID
X-Varnish-Cacheable
X-PERF
X-S
X-Cache-Rule
X-Microcachable
X-UD-Method
Powered
X-Cache-Age
X-Abuse
Lsrequestid
X-Varnish-TTL
X-Duration
X-CacheServer
X-ChromeLogger-Data
Pics-Label
X-Ruxit-JS-Agent
X-SDS
X-Cdn
X-NoCache
Proxy-Agent
X-Gamma-Serve
Node
Akamai-IP
X-Cache-Control-Orig
X-Cache-Debug
X-Director
X-VTEX-Janus-SO
X-VTEX-Cache-Status-Janus-Edge
X-VTEX-Janus-Router-Backend-App
X-Powered-By-VTEX-Janus-Edge
X-Powered-By-VTEX-Janus-ApiCache
X-VTEX-Janus-System
X-VTEX-Cache-Status-Janus-ApiCache
X-Vtex-Processado-Em:
X-Vtex-Processed-At
X-Vtex-Remote-Cache
No
ServerID
Front-End-Https
Host
X-Daa-Tunnel
X-Location-Id
Retry-After
Content-Security-Policy-Rerport-Only
X-Varnish-Hits
Webluker-Edge
X-App-Status
X-Route-Server
X-I-Sp
X-BS
X-Processed-By
X-Mobilized-By
CC-CACHE
RTSS
X-Powered-By-Server
SN
X-Platform
X-Varnish-Age
X-CJ-Soft
X-CDN-Cache-Status
X-CDN-Node
X-RESOURCE
X-Fastcgi-Cache
X-URLSCHEME
X-Developer
X-Cache-Expires
X-Drectory-Script
X-FW
X-Speed-Cache
X-Device-Type
Cache
X-Trace
X-Front
NODE
X-Response-Time
Server-Info
X-Cache-Lifetime
X-Akamai-Device-Characteristics
X-Purge-Host
X-SRCache-Fetch-Status
X-SRCache-Store-Status
X-PwB-Node
X-Time
X-Translation
X-Cache-Operation
X-Microcache-Status
X-Geo-IP
X-Upstream
X-HOST
X-Libra-UpstreamHost
SID
X-Speed-Cache-Key
X-Akamai-Device-Model
X-Purge-URL
Version
X-Instart-Request-ID
Buuteeq-Source
Cxy-All
X-Varnish-Server
X-Client-IP
X-Cookie-Domain
X-Mobile-URL
X-Amz-Meta-S3cmd-Attrs
Last-Published
X-DNS-Prefetch-Control
Arr-Disable-Session-Affinity
X-Engine
X-Goog-Hash
X-ServerID
X-Magnolia-Registration
NetMindSessionID
X-GeoIP-Country-Code
X-GeoIP-Country-Name
X-AOL-HN
X-Revision
Req-Id
X-Frontend
X-ARC
X-Cache-Tags
X-Geo-IP-Region
X-Geo-IPV
X-Vcap-Request-Id
Qs-Cache
X-Geo-IP-Country
X-Varnish-Hostname
X-Geo-IP-Metro
X-DefendeR-Runtime
X-Request-Time
Fastcgi-Cache
X-Source
X-DefendeR-Status
COMMERCE-SERVER-SOFTWARE
Accept-Charset
Origin
X-Yadis-Location
Thanks
Mobiquo-Is-Login
X-Newrelic-App-Data
A-Powered-By
Location
X-Cache-Key
Ngpass-Vcall
VAR-Cache
Accept-Encoding
Cm-Server
X-Varnish-IP
WSR-Cache
X-Trace-Cache
X-Grace
X-Provisioner-Version
X-Processing-Time
NtCoent-Length
X-Srv
X-N
X-Page-Cache
X-Domain-Checked
X-Blog
Filter-Revision
X-Dispatch
X-AOL-SNH
X-ACMCache
X-ClientSide-Caching
X-Real-Server
X-Varnish-Grace
LBVIS
PICS-Label
X-App
Lfy
Frame-Options
X-Highwire-SessionId
X-Highwire-RequestId
Server-Name
Srv
X-Directory-Script
X-SmartBan-Host
X-Rocket-Nginx-Bypass
X-SmartBan-URL
X-Discourse-Route
X-Cache-Engine
IISExport
X-Varnish-RemainingGrace
X-Varnish-RemainingTTL
HCVer
X-Hypernode
X-B-Cache
X-Varnish-Seen-By
HAVer
X-Framework
X-Ttl
X-Distributed-By
X-Server-Response-Time
X-Orig-Vary
X-JG-Page-Cache
X-Origin-Id
X-Platform-Router
X-SV-Duration
X-SV-FromDBCache
X-SV-Expires
X-SV-Edge
X-SV-Nginx-Duration
X-SV-Pid
X-Plat
X-Session-Reinit
X-Cookie
X-Platform-Processor
X-SV-CreatedAt
Logging-CorrelationId
X-Nitra-Side
Host-Service
X-SV-CacheTags
X-UPSTREAM
Sfy
X-Bettercache-Proxy
X-Yottaa-Optimizations
X-Sucuri-ID
X-Resolver-IP
X-Yottaa-Metrics
AMF-Ver
Content-Transfer-Encoding
CacheControlHeader
X-Grid-Server
X-Sys-Req-ID
X-Varnish-Debug-Age
X-Object-Type
X-Object-Id
X-HOSTNAME
X-Do-Esi
X-TempDebug
X-Flow-Powered
X-Config-By
X-FIRSTBase
Backend
X-Debug
X-NFE
X-Nurl
LBC
X-Nhost
X-PF-Uncompressing
X-Machine-Name
X-Secret
X-Src-Webcache
X-Storage
X-SE-Debug
X-Server-Upstream
SVR
WWW-Authenticate
Cneonction
X-Nginx-Cache
XDomainRequestAllowed
X-Content-Age
X-BackendServer
Nitro-Cache
Beyond-Iis
Cache-Key
X-Cocoon-Version
X-Cache-Doesi
Id
X-Varnish-Esi-Access
X-Balanceador
Author
X-Garden-Version
X-Varnish-Esi-Method
X-Varnish-Ttl
X-WR-Flags
Hamster
SSPAppContext
X-Accel-Expires
X-Amz-Version-Id
X-StackifyID
Vacache
Allow
X-Varnish-Count
SRV
X-Uid
Backend-Timing
X-Analytics
S
X-Varnish-HitMiss
X-HostName
X-Obvious-Info
X-Varnish-Debug-TTL
X-Atraveo-From-Varnish-Cache
Set-Cookie2
X-Atraveo-ETag
X-PRAM
X-Client-Vid
W
X-Atraveo-Expires
X-Atraveo-Param-Rm
X-Req-Host
X-EPiphany-Vid
X-Atraveo-Varnish-Server-Id
X-Atraveo-Cache-Control
X-Atraveo-Zone
X-Source-ID
X-Atraveo-TTL
X-Cache-Control
X-Obvious-Tid
X-Atraveo-Set-Cookie
Tk
X-Force
X-Full-URL
X-Edge-Location
X-Jphone-Copyright
X-Rack-Cors
X-Connection-Hash
X-Transaction
X-Twitter-Response-Tags
X-Env
X-TTFB-L
X-Prefetched
X-SmugMug-Hiring
X-SmugMug-Values
X-TTFB
X-Nginx-Host
X-Symfony-Cache
Smug-CDN
WP-AdvCache-MemCached
X-Platform-Cache
Nodo
X-WA-Info
X-NginX-Cache
X-Varnish-Store
X-Varnish-Currency
Warning
CLMOB
X-Adobe-Content
X-HP-Trace-ID
X-App-Server
X-Middleton-PageSpeed
X-Info
X-ID
CT
Front
X-Adobe-Loc
X-HP-Trace-Project
X-Cms-Mode
X-Dev
X-Distributor
X-Amz-Storage-Class
X-W3TC-Minify
X-Cache-Set
X-TN-ServedBy
X-PHP-Engine
X-Varnish-Action
X-Ob-Mode
X-Pagename
X-Hit-Cache
Worker
X-Unbounce-PageId
X-Server-Instance
X-Gannett-Site-Version
X-NginX-Server
X-Optimization
X-Unbounce-VisitorID
X-Unbounce-Variant
X-Vary-Options
X-Captured
X-Test
X-Content-Security-Policy-Report-Only
X-DOM
X-NB-Cached-Page
X-Detected-Device
Cached
X-Real-IP
ServerIP
ORIGIN
Pool-Info
X-BC-Stapler
Bios
X-Avvio-Cms-Cacheload
X-Empowered-By
X-APP
Ibf5scheme
MW-Webserver
Keywords
NLCacheNote
X-LW-Web-Server
X-Web
X-Unique-ID
X-FreeTag-Count
X-DSMX-Rewrite-MS
X-REDIRECTSERVER
X-Id
X-Edge-IP
Sid
X-Apm-Telemetry-Syncmark
P-WS
X-Varnish-URL
X-N-ViewType
X-LB
X-T3Cache
X-T3CacheTags
X-T3CacheInfo
Pool
X-V
X-DSMX-Render-MS
X-IsCacheURL
X-Clara-ASAP
Jobb.Passal.Se
X-ASAP-Cache
X-Phpwcms-Page-Processed-In
P3P:CP
Cache-Rule
X-Medium-Entity-Id
Test.Executivepeople.Se
Myheader
Www.Mabracertifiering.Se
OT-RequestId
Jobb.Assistentpoolen.Se
Jobb.Gil.Se
Open.Jobgate.Se
BALANCEDTO
X-Medium-Entity-Type
X-Amz-Id-1
Www.Mirrorgate.Se
X-Frames-Options
X-Phpwcms-Release
X-Turpentine-Cache
X-XTM-Node
P-LB
X-ORACLE-DMS-ECID
Www.Myjob.Se
X-Turpentine-Esi
X-Varnish-Set-Cookie
X-Cache-On
X-DTC
X-SV
CpuTime
X-Origin
X-AWS
X-SDE-Name
RATING
X-Browser
SBGI-Device
SBGI-RenderTime
SiteName
X-Time-Spent
SBGI-9
SBGI-RealPath
SBGI-10
SBGI-7
X-Hosts-Backend
SBGI-1
SBGI-5
Content-Instance
X-ESI-Enable
X-CCM
X-AISO-Cacheable
X-AISO-Server
X-Powered-By-Anquanbao
X-AISO-Cache
X-Webstats-RespID
X-MrHost
X-HeBS-Cache-Status
Il-Cl
X-Vhost-ID
Machine
ServerTokens
X-B2f-Not-Route
X-Response-Status
X-Wikidot-Backend
X-DPWN-IS-SECURE
ServerSignature
X-FFX-B
X-Wix-Route-ID
X-Application-Context
X-Wikidot-Static-Cache
X-Site:
TP-L2-Cache
X-Node-Name
Servername
X-Server-Id
Real-Server
X-AbeBooks-Version
From
X-Cache-Fix
X-WP
X-Smartcache-Timeout
X-Smartcache-Keys
X-Cache-PageType
X-Expires
X-NginX-Cache-Status
X-4ormat-Cacheable
Backend-Name-Original
X-NginX-Upstream-Response-Time
X-NginX-Upstream-Status
X-Oracle-DMS-ECID
X-NginX-Upstream-Addr
X-Block
X-Header
X-Trace-App
X-NginX-Node
X-Channel-Maxage
Description
TP-Cache
Fastly-Backend-Name
X-Artvisual-Server
X-T
X-Stage
PServer
SS
X-GeoIP
X-IP-Address
X-Healthy
X-B
Ews
X-Ocache
X-VC-TTL
VC-NoCache
X-Tile-Url
X-Cache-Keep
X-Cache-TTL-Remaining
X-CacheResult
X-CB-Server
ScoreTracker
Cmstype
Cmsid
X-BKSrc
INCOMING-TIME
Y-Trace
X-LiteSpeed-Cache-Control
X-Trace-Id
IsMobile
X-AccessDev
X-CID
X-Frame-Option
Ec
X-CCC
X-Your-GrandPa-Would-Wait
X-Cache-CFC
X-Would-Your-GrandPa-Wait
If-Modified-Since
Sss
Head
ClientIP
X-Instance
F5-IpCliente
X-WR-MODIFICATION
X-Old-Content-Length
X-GSL-Server
X-Magento-Action
X-Enhanced-By
Xc
Ram
X-BC
X-Beatles-Hits
Noq
Cpu
X-SERVER-ID
X-Worker
Be
X-Does-He-Have-Time
Cache-By-Node
X-ManagedFusion-Rewriter-Version
X-TTL-Age
Gzip
X-Rewritten-By
No-Cache
X-CDN-Pop-IP
X-CDN-Pop
X-Backside-Transport
X-IP
X-HW
X-Server-Instance-Name
X-Timing
Prxy
X-Esi
X-Invoke-Duration
X-MAT-GEO
Ksid
Hash
Cluster-ID
Sophnep-Edge-FX
X-ATM-RServer
N365rili
X-ATM-RTime
X-Venda-Hitid
X-Response
X-Forwarded-Proto
X-Server-Generated
X-Desc
X-Actindo-RS
X-F-Cache
Web
Paypal-Debug-Id
X-NewRelic-App-Data
X-DealerOn
X-Cache-Node
Web-Server
S-Cnection
X-Seschat-URL
X-SRV
X-LB-Server
NZSpeedy
X-SeschatTemplateID
X-SeschatLayout
X-SeschatDID
Hosted-By
X-SeschatRedID
X-Hstore
X-Hrouter
X-Gyrobase-Publication
X-Hosting
X-Pj-Cache-Status
X-RateLimit-Remaining
X-Martin
X-Global-Transaction-ID
X-MobileDetected
X-OPNET-Transaction-Trace
X-Say-Original-Host
X-Say-Cacheable
X-Say-Original-IP
X-DN-Cache-Control
X-Pagely-Cache
HostGen
BDPAGETYPE
X-Author
Countrycode
Be-Ip
Be-Va
X-Say-Original-UA
Og
X-EdgeRouter
X-ENV
X-Full-Url
X-Cache-Original-TTL
XX
X-WorkerInstancename
X-PHP-Response-Code
X-SayCDN-UA
Note
X-Ec-Custom-Error
X-ServedByHost
Mto-License-Status
Imx-Cookies-Used
Mime-Version
X-Supported-By
CmsCacheEngine
Fpc-Expire
Fw-Via
Section-Io-Id
IM-Version
X-ACCELERATE
X-OCTOPOD
X-Pb-Mii
SB-Cache-Life
SB-Site-Device
Surrogate-Key
X-Pixelsilk-Server
X-Pixelsilk-Version
X-7d-Instance-Id
X-SayCDN-Original-UA
X-SayCDN-TTL
X-SayCDN-Original-Path
X-SayCDN-Original-Host
X-Say-TTL
BDUSERID
X-7d-Trace-Id
Access-Control-Allow-Orgin
X-Server-Ip
BDQID
X-Varnish-Debug-Varnish-TTL-Set-From-Server
X-Varnish-Restarts
X-Varnish-Debug-Pool-Recv
X-Varnish-Debug-Pool-Fetch
X-Server-IP
X-Uplex
X-Say-Original-URL
SB-Cache-Remaining
Server-Optimized-By
V-Age
Www.Aujourdhui.Com
X-Rack-CORS
MIH-PUBLIC-IDENTIFIER
X-EZPublish-NodeID
X-GC-App
X-RSS-CACHE-STATUS
X-Expose-Took
X-ATP-Server
MIH-CLIENT-FARM
X-Expose-Site
X-Expose-Hostname
X-Device-Group
MIH-PLATFORM
X-Cache-Ttl
X-Cluster-Node
X-Highwire-Sitecode
X-Key
X-GC-Read
X-RealServer
X-Span
X-GC-Write
Aurora-Node
Akamai-Edgescape
B-Powered-By
Thinkindot-CacheControl
X-RequesterIP
X-PHP
X-Client-Addr
X-Node-Id
Server-IP
RN-Server
X-GC-Pointer
RequestTrackId
X-Dynamic-Cache
X-EZPublish-InstallationID
X-Flex-Tag
X-Max-Age
X-Flex-Lastmod
X-Flex-Lang
X-Restarts
X-Flex-Tags
AGI-Request-ID
X-Capoed
X-Cache-Action
Access-Control-Request-Headers
X-Varnish-Backend-Healthy
X-AG-MIPS
X-Environment
X-Varnish-Instance
X-Flex-Evend
WFE
X-FCMS-Cache
X-Flex-Community
Thinkindot-Control
X-Varnish-Error-Restart
X-Flex-Evstart
Provider
X-Expose-Generated
X-Mii-Cache-Hit
Thinkindot-CacheControl-Type
X-Is-Mobile
X-ProxyInstancename
X-Server-Addr
X-Backend-Name
X-Dispatcher
X-Webkit-CSP
X-Tradeindia-SMgmt
X-Airee-Node
Device
X-Tradeindia-Request-GUID
NnCoection
X-SID
MtcHosted
X-Remote-Addr
X-Static-Version
Accept-Language
X-Origin-Cache
X-Kinsta-Cache
X-Hosting-Env
X-Wm-VIP
User-Cache-Control
X-Application
Robots
AsisCache
Debug-Status
Encoding
X-Wm-1
X-EntryPoint
X-RemovedCookies
X-Render-Time
X-ProcessESI
X-IIJ-Cache
X-Fallback
X-GRACE
X-Request-Count
X-NMT-Proxy
X-GUploader-UploadID
X-Goog-Stored-Content-Length
X-PBY
X-Protected-By
X-Debug-Serve
X-Cluster-Host
X-Goog-Stored-Content-Encoding
X-Goog-Storage-Class
Language
X-Powered-By-Home.Pl
X-Catalyst
X-Ct-Info
X-Goog-Metageneration
X-Goog-Generation
CDN-Region
X-Backend-TTL
MwpReleaseVersion
PowerCDN
Apache
Beid
X-Webcelerate
X-Appmachine-Environment
Cdate
Ttl
X-Pj-Cache-Key
X-NewCloud-V-Cache
X-Route
X-SilverStripe-Cache
Railo-Version
X-Signature
X-Esi-Processing
X-Cache-Level
X-Gondor-Server
X-CO-Host
X-ETag
X-Ghost-Cache-Status
X-GETTER-Cache
X-Amz-Meta-Cb-Modifiedtime
GenSvr
X-Process-Time
X-LW-T
X-Timestamp
X-Trans-Id
From-Origin
X-JSESSIONID
X-Lima-Id
Stats-HtmlMinAndCss
Stats-API
Stats-Rendering
X-ASAP-Age
X-Compressed-By
X-Backend-Ip
Powered-By-VeryCDN
Expiries
X-Panel-Name
X-Panel-Id
X-Pressidium-NinukisWP-Ver
X-Runtime-Memory
X-Xhr-Current-Location
X-HAProxy
Kanooh-Host
BM-Cache-Status
BM-Cache-Node
BM-Cache-Key
X-Sc-Path
OutputRewritten
RequestId
X-COUNTRY-CODE
X-Dynamic
X-Content-Type
X-Ar-Debug
X-Sc-Cache
X-IDS-WS
X-Powered-Developer
X-Serendipity-InterfaceLang
X-Serendipity-InterfaceLangSource
Count-Click-Attempt2
X-FarmId
Redirect
Copyright
DNNOutputCache
Http
MachineName
X-Domino-CacheValidationWithETagResult
X-Domino-CacheValidationWithETagReason
X-This-Proto
X-We-Are-Hiring
X-Web-Node
X-IB-Timestamp
X-Nginx
X-NID
X-Purge-Level
X-FastCGI-Cache
X-Rq
X-Obr-Rule
X-IB-Site-Name
X-IB-Context-Urn
X-HITS
X-Perf
X-Batcache
X-Brought-To-You-By
WP-Cache
User-Agent
X-IB-Content-Urn
X-IB-Content-Type
DeleGate-Ver
SERVER-IP
D
X-EC2-Instance-Id
Resin-Trace
X-ESI
X-RiS-UFDI
X-Router
X-Router-Backend
X-HTML-Minification-Powered-By
X-A
X-E
X-Cache-Extended
X-Box
X-Cluster
X-Status
X-UseReverse-Proxy
Cache-Cookie-Set-Index-Page
Cache-Cookie-Set-Lfrom
Dispatcher
Expire
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Webapp
XDisk
X-Fedora-School-Id
Max-Age
X-Zendesk-User-Id
X-Zendesk-Origin-Server
Session-Id
X-HP-CAM-COLOR
RouteID
Server-ID
Instapage-Variant
X-Dynatrace
X-Client-Ip
Server-Version
NS-VaryByCustom-Key
ReqUrl
X-Pj-Cache-Gzip
X-HA
X-OneLinkHost
X-Pj-Cache-Time
X-Beresp-Ttl
X-Pj-Cache-Expires
X-Obj-Ttl
X-Mod-Oboe-PS
X-Pj-Cache-Flags
X-M
X-WLD-LB
X-LOCATION
X-JV
X-SuperCache
X-ACLR-Version
X-Cachable
X-Cache-Via
X-DDM-SERVER
Web-Head
Uitdaging
DPOOL-HEADER
X-Cookies-Stripped
X-Cms-Server
X-DDM-SERVER-UPDATED
X-Cache-Me-Harder
X-Session-ID
X-Site-Name
X-Sov
X-DN-GyrobaseID
X-Rot
Xonnection
X-Jcms-Ajax-Id
X-Accel-Cache-Control
X-Provided-By
X-UA-Vendor
X-OneLinkTook
X-Bcwwwid
X-Lb-Server
X-Recruitment-Address
X-OpenCart-Lightning
X-Varnish-ServiceNetIP
X-MCF-ID
CtExclusions
NKBVHEADER
X-Fpc
X-Cache-Backend
X-Proto
X-DataDome
X-Hit
X-Machine
X-Country
X-BE
X-Varnish-Hashed-On
AC-ELC
DB-Nickname
BlockPHPCallEnd
X-Service-Location
SBMCLOUD
X-Varnish-Max-Age
X-BCube-Filmed-By
X-Debug-Token
X-WebNode
X-DB-Content-Length
X-OneLinkServiceType
X-RAMCache
X-PageType
X-Search-Id
Bs-Header
X-MOBILE
X-WEBFRONT
X-Request-Uri
X-DistilledODN-Id
X-Aicache-OS
Is-Cached
TotalTime
URI
X-OneLinkProcessing
X-PM-ID
MageStack-Loadbalancer
MageStack-PageSpeed
MageStack-Tag
X-BeResp-Ttl
Apple-Itunes-App
MageStack-Debug
MageStack-Cacheable
MageStack-Config
X-CPU-Time
X-VG-WebCache
X-Cache-Type
X-Document-Folder-Guid
MSSmartTagsPreventParsing
MSThemeCompatible
X-Document-Guid
X-DELIVERYSERVER
X-TNCMS-Bot-Tier
MageStack-Web-Node
X-Ants-Host
X-Ants-Machine-Id
Clientip
MageStack-Cache-Status
X-AppServer-Status
X-ClusterID
X-Device-Class
MageStack-Cache
X-AppServer-Cache-Rule
UniqueName
X-HOSTTYPE
MageStack-Area
Tracker
Device-Type
X-Nginx-Backend
RVBD-CSH:
WebServer
X-9XB-Server
Content-Cache
XServer
MageStack-Cache-Lifetime
X-NWS-LOG-UUID
Pw-Value
MageStack-Cache-Hits
X-Document-Guid-Path
X-Document-Path
At-Isb
At-Shoptype
Atp-Isdpp
SLB
X-UUID
X-Request-Received
X-Pardot-Route
X-Pardot-Rsp
X-Request-Processing-Time
Url-Hash
X-Batcache-Reason
Requested-Host
X-USERNAME
Hostname
X-Server-By
SINA-LB
SINA-TS
X-Geo
Orgin-Server
Cteonnt-Length
X-Pardot-LB
X-Op
X-Meta-Imagetoolbar
X-Meta-MSSmartTagsPreventParsing
X-Meta-MSThemeCompatible
X-Nginx-Request-Time
X-Hiawatha-Cache
X-EdgeConnect-Origin-MEX-Latency
X-SCProxy
X-Document-Tracking-Type
X-EdgeConnect-MidMile-RTT
X-Ec2-Vpc
X-Hiring
X-Allow-Redis
X-KS-Cache-Status
X-Lookup-Mode
X-Nosy-Parker
X-LS-DEBUG
X-Cached-Status
X-Litespeed-Cache-Control
Disablevcache
X-Built-By
CommunityServer